{"id":12055,"date":"2025-02-03T14:27:52","date_gmt":"2025-02-03T14:27:52","guid":{"rendered":"https:\/\/metaschool.so\/articles\/?p=12055"},"modified":"2025-02-10T03:10:03","modified_gmt":"2025-02-10T03:10:03","slug":"public-key-cryptography-explained","status":"publish","type":"post","link":"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/","title":{"rendered":"Public Key Cryptography: A Comprehensive Guide 2025"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_56_1 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Introduction\" title=\"Introduction\">Introduction<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Core_Concepts_of_Public_Key_Cryptography\" title=\"Core Concepts of Public Key Cryptography\">Core Concepts of Public Key Cryptography<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Symmetric_vs_Asymmetric_Encryption\" title=\"Symmetric vs. Asymmetric Encryption\">Symmetric vs. Asymmetric Encryption<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Mathematical_Foundations\" title=\"Mathematical Foundations\">Mathematical Foundations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Key_Generation_and_Usage\" title=\"Key Generation and Usage\">Key Generation and Usage<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Key_Cryptographic_Algorithms\" title=\"Key Cryptographic Algorithms\">Key Cryptographic Algorithms<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#RSA_Rivest-Shamir-Adleman\" title=\"RSA (Rivest-Shamir-Adleman)\">RSA (Rivest-Shamir-Adleman)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Diffie-Hellman_Key_Exchange\" title=\"Diffie-Hellman Key Exchange\">Diffie-Hellman Key Exchange<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Elliptic_Curve_Cryptography_ECC\" title=\"Elliptic Curve Cryptography (ECC)\">Elliptic Curve Cryptography (ECC)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Digital_Signatures_Authentication\" title=\"Digital Signatures &amp; Authentication\">Digital Signatures &amp; Authentication<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Signature_Algorithms\" title=\"Signature Algorithms\">Signature Algorithms<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Public_Key_Infrastructure_PKI\" title=\"Public Key Infrastructure (PKI)\">Public Key Infrastructure (PKI)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Applications_of_Public_Key_Cryptography\" title=\"Applications of Public Key Cryptography\">Applications of Public Key Cryptography<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#TLSSSL\" title=\"TLS\/SSL\">TLS\/SSL<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Email_Encryption_PGPGPG\" title=\"Email Encryption (PGP\/GPG)\">Email Encryption (PGP\/GPG)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Blockchain_and_Cryptocurrencies\" title=\"Blockchain and Cryptocurrencies\">Blockchain and Cryptocurrencies<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Security_Considerations_Challenges\" title=\"Security Considerations &amp; Challenges\">Security Considerations &amp; Challenges<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Quantum_Computing_Threats\" title=\"Quantum Computing Threats\">Quantum Computing Threats<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Emerging_Trends\" title=\"Emerging Trends\">Emerging Trends<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/metaschool.so\/articles\/public-key-cryptography-explained\/#Conclusion\" title=\"Conclusion\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Introduction\"><\/span>Introduction<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Public-key\u00a0cryptography,\u00a0since\u00a0its\u00a0invention\u00a0in the 1970s,\u00a0has\u00a0had\u00a0a revolutionary\u00a0effect\u00a0on\u00a0information security.\u00a0It\u00a0changed\u00a0how we\u00a0think\u00a0about\u00a0securing\u00a0communications\u00a0in the digital\u00a0world. Before its invention, all\u00a0cryptosystems\u00a0relied on the\u00a0use of the\u00a0same secret key for both encryption and decryption\u00a0factor\u00a0that\u00a0made\u00a0key distribution and management\u00a0rather problematic. The seminal 1976 paper by Whitfield Diffie and Martin Hellman, &#8220;New Directions in Cryptography,&#8221; introduced the concept of public key cryptography, solving the key distribution problem that had plagued cryptographic systems for millennia.<\/p>\n\n\n\n<p>Today, public key cryptography\u00a0is\u00a0behind\u00a0the backbone of modern security\u00a0infrastructures\u00a0that\u00a0enable\u00a0secure internet communication, digital\u00a0signing, and cryptocurrency transactions.\u00a0The\u00a0importance cannot be\u00a0emphasized\u00a0enough-it\u00a0is\u00a0used\u00a0in\u00a0every\u00a0single\u00a0HTTPS\u00a0access\u00a0to\u00a0websites,\u00a0the\u00a0sending\u00a0of\u00a0encrypted\u00a0emails,\u00a0and\u00a0in\u00a0making\u00a0digital\u00a0payments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Core_Concepts_of_Public_Key_Cryptography\"><\/span>Core Concepts of Public Key Cryptography<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Symmetric_vs_Asymmetric_Encryption\"><\/span>Symmetric vs. Asymmetric Encryption<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Traditional symmetric encryption uses the same key for both encryption and decryption. While computationally efficient, it requires all parties to securely share and maintain the secret key. Public key cryptography introduces asymmetric encryption, using mathematically related but distinct keys for encryption and decryption.<\/p>\n\n\n\n<p>Key differences include:<\/p>\n\n\n\n<p><strong>Performance:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Since\u00a0symmetric encryption is\u00a0usually\u00a0100\u00a0to\u00a01000 times faster than asymmetric encryption,\u00a0it\u00a0would\u00a0be\u00a0more\u00a0suited\u00a0to\u00a0bulk\u00a0encryption\u00a0in real-time applications,\u00a0such as streaming media or,\u00a0most often,\u00a0bulk file transfers. This\u00a0is\u00a0because\u00a0the\u00a0mathematical\u00a0operations used are\u00a0simpler,\u00a0with\u00a0the\u00a0underlying\u00a0hardware-optimized implementations.<\/li>\n\n\n\n<li>Memory and CPU usage is very low in symmetric operations\u00a0due\u00a0to\u00a0the\u00a0utilization\u00a0of\u00a0simple\u00a0bitwise operations and substitution-permutation networks,\u00a0which\u00a0can\u00a0be\u00a0efficiently deployed\u00a0on resource-constrained devices,\u00a0such\u00a0as\u00a0IoT sensors and mobile devices.<\/li>\n\n\n\n<li>Asymmetric encryption, however, has a higher computational overhead due to complex mathematical operations on large numbers. However, it\u00a0solves the key distribution problem\u00a0because\u00a0it\u00a0does\u00a0not\u00a0require\u00a0any\u00a0pre-shared secrets.\u00a0 That\u00a0is\u00a0why\u00a0it\u00a0is\u00a0essential\u00a0to\u00a0establish\u00a0secure connections over untrusted networks like the Internet.<\/li>\n<\/ul>\n\n\n\n<p><strong>Security Properties:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This\u00a0creates\u00a0a\u00a0significant\u00a0logistical\u00a0challenge\u00a0in\u00a0large\u00a0systems,\u00a0where\u00a0symmetric\u00a0encryption\u00a0requires\u00a0secure\u00a0key\u00a0distribution\u00a0between\u00a0all parties.\u00a0To\u00a0allow\u00a0n parties to communicate securely, n(n-1)\/2 unique keys must be distributed and managed,\u00a0which\u00a0quickly\u00a0becomes\u00a0impractical for large-scale deployments without additional key management infrastructure.<\/li>\n\n\n\n<li>This\u00a0enables\u00a0the\u00a0distribution of the\u00a0public key\u00a0via\u00a0insecure channels\u00a0since\u00a0it\u00a0is\u00a0computationally\u00a0infeasible\u00a0to derive the private key\u00a0from the public key.\u00a0It is\u00a0this property\u00a0that\u00a0allows for\u00a0secure communication\u00a0between\u00a0previously unacquainted\u00a0parties\u00a0and\u00a0finds\u00a0use\u00a0as\u00a0a\u00a0basis\u00a0in\u00a0protocols like TLS and secure\u00a0e-mail.<\/li>\n\n\n\n<li>Asymmetric systems require\u00a0each party\u00a0to\u00a0secure\u00a0only\u00a0their private key,\u00a0dramatically\u00a0reducing the attack surface compared to symmetric systems.\u00a0For security, it is important due to\u00a0this\u00a0minimization\u00a0of\u00a0the\u00a0secret storage\u00a0principle,\u00a0the\u00a0harm\u00a0caused\u00a0by\u00a0a\u00a0key\u00a0compromise,\u00a0and\u00a0also\u00a0to\u00a0make\u00a0the\u00a0auditing\u00a0of\u00a0security\u00a0much easier.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Mathematical_Foundations\"><\/span>Mathematical Foundations<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Public Key Cryptography relies on mathematical problems that are computationally difficult to solve in one direction but easy to verify in the reverse direction. These are known as trapdoor functions. The three main mathematical foundations are:<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-1-1024x576.png\" alt=\"Public Key Cryptography\" class=\"wp-image-12193\" srcset=\"https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-1-1024x576.png 1024w, https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-1-300x169.png 300w, https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-1-768x432.png 768w, https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-1.png 1192w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/cryptography.io\/en\/latest\/hazmat\/primitives\/asymmetric\/rsa\/\" data-type=\"link\" data-id=\"https:\/\/cryptography.io\/en\/latest\/hazmat\/primitives\/asymmetric\/rsa\/\" target=\"_blank\" rel=\"noopener\">Integer Factorization (RSA)<\/a>:<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Finding the prime factors of a large composite number is computationally intensive<\/li>\n\n\n\n<li>Multiplying known prime numbers is computationally trivial<\/li>\n\n\n\n<li>Security relies on the difficulty of factoring large numbers<\/li>\n<\/ul>\n\n\n\n<p>2.<a href=\"https:\/\/math.mit.edu\/classes\/18.783\/2022\/LectureNotes9.pdf\" data-type=\"link\" data-id=\"https:\/\/math.mit.edu\/classes\/18.783\/2022\/LectureNotes9.pdf\" target=\"_blank\" rel=\"noopener\"> <strong>Discrete Logarithm Problem<\/strong><\/a><strong>:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Given g^x mod p, finding x is computationally difficult<\/li>\n\n\n\n<li>Computing g^x mod p when x is known is relatively easy<\/li>\n\n\n\n<li>Forms the basis for Diffie-Hellman key exchange and ElGamal encryption<\/li>\n<\/ul>\n\n\n\n<p><strong>3. Elliptic Curve Discrete Logarithm Problem:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Computing\u00a0the discrete logarithm of an elliptic curve element is\u00a0infeasible<\/li>\n\n\n\n<li>Point multiplication on an elliptic curve is relatively easy<\/li>\n\n\n\n<li>Provides equivalent security to traditional methods with smaller key sizes<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Generation_and_Usage\"><\/span>Key Generation and Usage<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Here&#8217;s a simple example demonstrating RSA key generation and usage in Python:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" data-code=\"from cryptography.hazmat.primitives.asymmetric import rsa, padding\nfrom cryptography.hazmat.primitives import hashes\n\ndef generate_rsa_keypair():\n    # Generate private key\n    private_key = rsa.generate_private_key(\n        public_exponent=65537,\n        key_size=2048\n    )\n    # Extract public key\n    public_key = private_key.public_key()\n    return private_key, public_key\n\ndef encrypt_message(message, public_key):\n    ciphertext = public_key.encrypt(\n        message.encode(),\n        padding.OAEP(\n            mgf=padding.MGF1(algorithm=hashes.SHA256()),\n            algorithm=hashes.SHA256(),\n            label=None\n        )\n    )\n    return ciphertext\n\ndef decrypt_message(ciphertext, private_key):\n    plaintext = private_key.decrypt(\n        ciphertext,\n        padding.OAEP(\n            mgf=padding.MGF1(algorithm=hashes.SHA256()),\n            algorithm=hashes.SHA256(),\n            label=None\n        )\n    )\n    return plaintext.decode()\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #9CDCFE\">from<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">cryptography<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">hazmat<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">primitives<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">asymmetric<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #C586C0\">import<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">rsa<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">padding<\/span><\/span>\n<span class=\"line\"><span style=\"color: #C586C0\">from<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">cryptography<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">hazmat<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">primitives<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">import<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">hashes<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">generate_rsa_keypair<\/span><span style=\"color: #D4D4D4\">():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    # <\/span><span style=\"color: #9CDCFE\">Generate<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">private<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">key<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">rsa<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">generate_private_key<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">public_exponent<\/span><span style=\"color: #D4D4D4\">=65537,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">key_size<\/span><span style=\"color: #D4D4D4\">=2048<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    )<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    # <\/span><span style=\"color: #9CDCFE\">Extract<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">public<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">key<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">public_key<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">encrypt_message<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">message<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">ciphertext<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">encrypt<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">message<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">encode<\/span><span style=\"color: #D4D4D4\">(),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">OAEP<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">mgf<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">MGF1<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">algorithm<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">()),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">algorithm<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">(),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">label<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">None<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        )<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    )<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">ciphertext<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">decrypt_message<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">ciphertext<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">plaintext<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">decrypt<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">ciphertext<\/span><span style=\"color: #D4D4D4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">OAEP<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">mgf<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">MGF1<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">algorithm<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">()),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">algorithm<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">(),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">label<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">None<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        )<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    )<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">plaintext<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">decode<\/span><span style=\"color: #D4D4D4\">()<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Cryptographic_Algorithms\"><\/span>Key Cryptographic Algorithms<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"RSA_Rivest-Shamir-Adleman\"><\/span>RSA (Rivest-Shamir-Adleman)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>RSA remains the most widely deployed public key algorithm. Its security is based on the hardness of factoring the product of two large prime numbers. The key generation process involves:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Choose two large prime numbers p and q<\/li>\n\n\n\n<li>Compute n = p \u00d7 q<\/li>\n\n\n\n<li>Compute \u03c6(n) = (p-1)(q-1)<\/li>\n\n\n\n<li>Choose e such that 1 &lt; e &lt; \u03c6(n) and gcd(e, \u03c6(n)) = 1<\/li>\n\n\n\n<li>Compute d such that d \u00d7 e \u2261 1 (mod \u03c6(n))<\/li>\n<\/ol>\n\n\n\n<p>The public key consists of (n, e), while the private key is (n, d). A practical implementation using OpenSSL:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" data-code=\"# Generate RSA private key\nopenssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048\n\n# Extract public key\nopenssl rsa -pubout -in private_key.pem -out public_key.pem\n\n# Encrypt file\nopenssl pkeyutl -encrypt -pubin -inkey public_key.pem -in plaintext.txt -out encrypted.bin\n\n# Decrypt file\nopenssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.bin -out decrypted.txt\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D4D4D4\"># <\/span><span style=\"color: #9CDCFE\">Generate<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #4FC1FF\">RSA<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">private<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">key<\/span><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">openssl<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">genpkey<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">algorithm<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #4FC1FF\">RSA<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">out<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">pem<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">pkeyopt<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #C8C8C8\">rsa_keygen_bits<\/span><span style=\"color: #D4D4D4\">:<\/span><span style=\"color: #B5CEA8\">2048<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\"># <\/span><span style=\"color: #9CDCFE\">Extract<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">public<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">key<\/span><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">openssl<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">rsa<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">pubout<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #569CD6\">in<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">pem<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">out<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">pem<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\"># <\/span><span style=\"color: #9CDCFE\">Encrypt<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">file<\/span><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">openssl<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">pkeyutl<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">encrypt<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">pubin<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">inkey<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">pem<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #569CD6\">in<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">plaintext<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">txt<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">out<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">encrypted<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">bin<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\"># <\/span><span style=\"color: #9CDCFE\">Decrypt<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">file<\/span><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">openssl<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">pkeyutl<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">decrypt<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">inkey<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">pem<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #569CD6\">in<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">encrypted<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">bin<\/span><span style=\"color: #D4D4D4\"> -<\/span><span style=\"color: #9CDCFE\">out<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">decrypted<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">txt<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Diffie-Hellman_Key_Exchange\"><\/span>Diffie-Hellman Key Exchange<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for secret&nbsp;communications while exchanging data over a public network using the elliptic curve to generate points and get the secret key using the parameters.&nbsp;&nbsp;<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-3-1024x576.png\" alt=\"\" class=\"wp-image-12196\" srcset=\"https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-3-1024x576.png 1024w, https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-3-300x169.png 300w, https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-3-768x432.png 768w, https:\/\/metaschool.so\/articles\/wp-content\/uploads\/2025\/02\/image-3.png 1400w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The protocol works as follows:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Alice and Bob agree on public parameters: prime p and generator g<\/li>\n\n\n\n<li>Alice generates private key a, computes A = g^a mod p<\/li>\n\n\n\n<li>Bob generates private key b, computes B = g^b mod p<\/li>\n\n\n\n<li>They exchange A and B<\/li>\n\n\n\n<li>Alice computes shared secret: B^a mod p<\/li>\n\n\n\n<li>Bob computes shared secret: A^b mod p <\/li>\n<\/ol>\n\n\n\n<p>Both arrive at the same shared secret: g^(ab) mod p. Here&#8217;s a Python implementation:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" data-code=\"from cryptography.hazmat.primitives.asymmetric import dh\nfrom cryptography.hazmat.primitives import serialization\n\ndef generate_dh_parameters():\n    parameters = dh.generate_parameters(generator=2, key_size=2048)\n    return parameters\n\ndef generate_dh_key(parameters):\n    private_key = parameters.generate_private_key()\n    return private_key\n\ndef compute_shared_secret(private_key, peer_public_key):\n    shared_key = private_key.exchange(peer_public_key)\n    return shared_key\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #9CDCFE\">from<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">cryptography<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">hazmat<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">primitives<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">asymmetric<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #C586C0\">import<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">dh<\/span><\/span>\n<span class=\"line\"><span style=\"color: #C586C0\">from<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">cryptography<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">hazmat<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">primitives<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">import<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">serialization<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">generate_dh_parameters<\/span><span style=\"color: #D4D4D4\">():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">parameters<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">dh<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">generate_parameters<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">generator<\/span><span style=\"color: #D4D4D4\">=2, <\/span><span style=\"color: #9CDCFE\">key_size<\/span><span style=\"color: #D4D4D4\">=2048)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">parameters<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">generate_dh_key<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">parameters<\/span><span style=\"color: #D4D4D4\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">parameters<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">generate_private_key<\/span><span style=\"color: #D4D4D4\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">private_key<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">compute_shared_secret<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">peer_public_key<\/span><span style=\"color: #D4D4D4\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">shared_key<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">exchange<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">peer_public_key<\/span><span style=\"color: #D4D4D4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">shared_key<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Elliptic_Curve_Cryptography_ECC\"><\/span>Elliptic Curve Cryptography (ECC)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>ECC provides equivalent security to RSA with significantly smaller key sizes. A 256-bit ECC key provides comparable security to a 3072-bit RSA key. ECC operates over points on an elliptic curve of the form:<\/p>\n\n\n\n<p>y\u00b2 = x\u00b3 + ax + b<\/p>\n\n\n\n<p>Key advantages of ECC include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Smaller key sizes\u00a0yield\u00a0faster operations,\u00a0whereas\u00a0a 256-bit ECC key\u00a0would\u00a0offer\u00a0equivalent security\u00a0as\u00a0a 3072-bit RSA key. This dramatic reduction in key size\u00a0directly\u00a0leads\u00a0to\u00a0better\u00a0performance in cryptographic operations\u00a0at\u00a0the same security level against classical computing attacks.<\/li>\n\n\n\n<li>Less\u00a0demand on\u00a0memory and bandwidth:\u00a0key\u00a0representation\u00a0and\u00a0signatures\u00a0are\u00a0compact. This efficiency\u00a0is\u00a0attributed\u00a0to\u00a0the mathematical properties of elliptic curves\u00a0that\u00a0allow complex operations\u00a0using much smaller numbers\u00a0compared\u00a0to\u00a0previous\u00a0cryptographic systems.<\/li>\n\n\n\n<li>It is\u00a0ideal\u00a0to\u00a0be used on\u00a0constrained environments like IoT devices\u00a0or\u00a0mobile applications\u00a0that\u00a0have\u00a0limited CPU, memory, and battery\u00a0lives. The\u00a0minimal\u00a0computational\u00a0overhead\u00a0for\u00a0ECC\u00a0enables\u00a0it\u00a0to implement\u00a0better\u00a0cryptography\u00a0in constrained devices\u00a0without\u00a0severely\u00a0affecting\u00a0performance\u00a0and\u00a0battery life.<\/li>\n\n\n\n<li>Strong security properties,\u00a0thanks\u00a0to\u00a0the mathematical hardness of the ECDLP problem, are regarded to be\u00a0computationally\u00a0more\u00a0difficult than\u00a0the\u00a0factorization\u00a0problem\u00a0for the same key size,\u00a0hence\u00a0having\u00a0a higher security-per-bit ratio compared to RSA.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Digital_Signatures_Authentication\"><\/span>Digital Signatures &amp; Authentication<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Digital signatures provide three essential security properties:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authentication: Verify the identity of the signer<\/li>\n\n\n\n<li>Non-repudiation: Signer cannot deny signing the message<\/li>\n\n\n\n<li>Integrity: Detect any modifications to the signed message<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Signature_Algorithms\"><\/span>Signature Algorithms<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The most common signature algorithms are:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>RSA-PSS (Probabilistic Signature Scheme):<\/strong><\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" data-code=\"from cryptography.hazmat.primitives.asymmetric import padding\nfrom cryptography.hazmat.primitives import hashes\n\ndef sign_message(message, private_key):\n    signature = private_key.sign(\n        message.encode(),\n        padding.PSS(\n            mgf=padding.MGF1(hashes.SHA256()),\n            salt_length=padding.PSS.MAX_LENGTH\n        ),\n        hashes.SHA256()\n    )\n    return signature\n\ndef verify_signature(message, signature, public_key):\n    try:\n        public_key.verify(\n            signature,\n            message.encode(),\n            padding.PSS(\n                mgf=padding.MGF1(hashes.SHA256()),\n                salt_length=padding.PSS.MAX_LENGTH\n            ),\n            hashes.SHA256()\n        )\n        return True\n    except:\n        return False\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #9CDCFE\">from<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">cryptography<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">hazmat<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">primitives<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">asymmetric<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #C586C0\">import<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">padding<\/span><\/span>\n<span class=\"line\"><span style=\"color: #C586C0\">from<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">cryptography<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">hazmat<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">primitives<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">import<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">hashes<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">sign_message<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">message<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">signature<\/span><span style=\"color: #D4D4D4\"> = <\/span><span style=\"color: #9CDCFE\">private_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">sign<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">message<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">encode<\/span><span style=\"color: #D4D4D4\">(),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">PSS<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">mgf<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">MGF1<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">()),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">salt_length<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">PSS<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">MAX_LENGTH<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        ),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    )<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">signature<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #9CDCFE\">def<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">verify_signature<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">message<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">signature<\/span><span style=\"color: #D4D4D4\">, <\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">try<\/span><span style=\"color: #D4D4D4\">:<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">public_key<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">verify<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">signature<\/span><span style=\"color: #D4D4D4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">message<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">encode<\/span><span style=\"color: #D4D4D4\">(),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">PSS<\/span><span style=\"color: #D4D4D4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">                <\/span><span style=\"color: #9CDCFE\">mgf<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">MGF1<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">()),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">                <\/span><span style=\"color: #9CDCFE\">salt_length<\/span><span style=\"color: #D4D4D4\">=<\/span><span style=\"color: #9CDCFE\">padding<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">PSS<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">MAX_LENGTH<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            ),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">            <\/span><span style=\"color: #9CDCFE\">hashes<\/span><span style=\"color: #D4D4D4\">.<\/span><span style=\"color: #9CDCFE\">SHA256<\/span><span style=\"color: #D4D4D4\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        )<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">True<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    <\/span><span style=\"color: #9CDCFE\">except<\/span><span style=\"color: #D4D4D4\">:<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">        <\/span><span style=\"color: #9CDCFE\">return<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #9CDCFE\">False<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>ECDSA (Elliptic Curve Digital Signature Algorithm):<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>More efficient than RSA signatures<\/li>\n\n\n\n<li>Produces smaller signatures<\/li>\n\n\n\n<li>Widely used in cryptocurrencies<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Public_Key_Infrastructure_PKI\"><\/span>Public Key Infrastructure (PKI)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>PKI provides a framework for managing digital certificates and public key encryption. Key components include:<\/p>\n\n\n\n<p>Certificate Authorities (CAs):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Issue and manage digital certificates<\/li>\n\n\n\n<li>Verify identity of certificate requesters<\/li>\n\n\n\n<li>Maintain certificate revocation lists (CRLs)<\/li>\n<\/ul>\n\n\n\n<p>Digital Certificates:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bind public keys to identities<\/li>\n\n\n\n<li>Include metadata about the key and owner<\/li>\n\n\n\n<li>Signed by trusted CAs<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Applications_of_Public_Key_Cryptography\"><\/span>Applications of Public Key Cryptography<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"TLSSSL\"><\/span>TLS\/SSL<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Transport Layer Security (TLS) uses public key cryptography for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authentication of servers (and optionally clients)<\/li>\n\n\n\n<li>Secure key exchange for symmetric session keys<\/li>\n\n\n\n<li>Perfect forward secrecy through ephemeral keys<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Email_Encryption_PGPGPG\"><\/span>Email Encryption (PGP\/GPG)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Pretty Good Privacy (PGP) and its open-source implementation GPG use public key cryptography for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email encryption<\/li>\n\n\n\n<li>Digital signatures<\/li>\n\n\n\n<li>Key management and web of trust<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Blockchain_and_Cryptocurrencies\"><\/span>Blockchain and Cryptocurrencies<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Public key cryptography enables:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Digital wallet addresses (public keys)<\/li>\n\n\n\n<li>Transaction signing<\/li>\n\n\n\n<li>Ownership verification<\/li>\n\n\n\n<li>Multi-signature schemes<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security_Considerations_Challenges\"><\/span>Security Considerations &amp; Challenges<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Quantum_Computing_Threats\"><\/span>Quantum Computing Threats<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Quantum computers pose a significant threat to current public key cryptography:<\/p>\n\n\n\n<p>Shor&#8217;s Algorithm:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Can efficiently factor large numbers<\/li>\n\n\n\n<li>Breaks RSA and ECC<\/li>\n\n\n\n<li>Requires large-scale quantum computers (not yet available)<\/li>\n<\/ul>\n\n\n\n<p>Mitigation Strategies:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Larger\u00a0key sizes\u00a0only\u00a0provide\u00a0a temporary solution by making classical attacks\u00a0infeasible, but this\u00a0is\u00a0impractical as key sizes grow exponentially.\u00a0The\u00a0increased\u00a0key\u00a0size\u00a0also\u00a0has significant impacts on\u00a0system performance and may not be\u00a0suitable\u00a0for\u00a0most\u00a0real-world applications, especially in resource-constrained\u00a0devices.<\/li>\n\n\n\n<li>Quantum-resistant algorithms, also\u00a0called\u00a0post-quantum cryptography, are\u00a0those\u00a0designed\u00a0to\u00a0be\u00a0resistant to\u00a0attacks\u00a0performed\u00a0by\u00a0both classical and quantum computers.\u00a0Examples\u00a0include\u00a0lattice-based\u00a0cryptography, multivariate cryptography, and supersingular isogeny-based\u00a0cryptography;\u00a0all of these obtain their strength from\u00a0mathematical problems that are believed to be hard\u00a0for\u00a0both\u00a0classical\u00a0and\u00a0quantum\u00a0computers.<\/li>\n\n\n\n<li>Hybrid-classical-quantum\u00a0schemes\u00a0work\u00a0in\u00a0a\u00a0combined\u00a0manner\u00a0with\u00a0legacy\u00a0algorithms\u00a0and\u00a0those\u00a0resistant\u00a0to\u00a0quantum\u00a0attacks,\u00a0providing\u00a0&#8220;defense in-depth.&#8221;\u00a0Security\u00a0is\u00a0ensured\u00a0when\u00a0any\u00a0one\u00a0of\u00a0them\u00a0is broken\u00a0by\u00a0either\u00a0classical or quantum attacks.\u00a0It\u00a0is,\u00a0therefore,\u00a0of\u00a0great\u00a0value\u00a0in\u00a0the transition\u00a0to quantum-resistant cryptography,\u00a0so\u00a0long\u00a0as\u00a0backward compatibility\u00a0is\u00a0maintained,\u00a0adding\u00a0at the same time\u00a0protection against future quantum\u00a0attacks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Emerging_Trends\"><\/span>Emerging Trends<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Homomorphic Encryption<\/strong>: Homomorphic encryption\u00a0is\u00a0a\u00a0revolutionary\u00a0technology\u00a0in cryptography that\u00a0enables\u00a0computations\u00a0to\u00a0be directly performed\u00a0on encrypted data without\u00a0decryption.\u00a0In\u00a0other\u00a0words, it\u00a0enables\u00a0processing\u00a0on encrypted\u00a0data\u00a0by\u00a0untrusted\u00a0entities,\u00a0say\u00a0on\u00a0cloud\u00a0platforms, while\u00a0complete privacy of\u00a0underlying information\u00a0is maintained. The concept comes in\u00a0a\u00a0few flavors: partial homomorphic encryption (PHE)\u00a0that\u00a0supports\u00a0one\u00a0operation type,\u00a0such\u00a0as\u00a0addition or multiplication;\u00a0somewhat homomorphic encryption (SWHE)\u00a0that\u00a0supports a limited number of operations;\u00a0and fully homomorphic encryption (FHE)\u00a0that\u00a0can support\u00a0arbitrary\u00a0computation\u00a0on encrypted data.\u00a0While these\u00a0current\u00a0solutions\u00a0are\u00a0theoretically\u00a0very\u00a0powerful,\u00a0their\u00a0performance\u00a0is\u00a0suffering\u00a0from\u00a0significant\u00a0overheads,\u00a0ranging from 1000x to 1000000x compared\u00a0with\u00a0plaintext operations. Despite these challenges, active research\u00a0is\u00a0being carried out\u00a0to\u00a0enhance\u00a0efficiency,\u00a0and\u00a0recent breakthroughs in bootstrapping techniques and noise management\u00a0have\u00a0shown\u00a0promising results. Applications include private machine learning inference, secure outsourced computation, and privacy-preserving data analytics in healthcare and financial sectors.<\/li>\n\n\n\n<li>I<strong>dentity-based Encryption<\/strong>: Identity-based Encryption (IBE) introduces a paradigm shift in public key cryptography by allowing any arbitrary string, typically an email address or domain name, to serve as a public key.\u00a0Therefore,\u00a0the\u00a0technique\u00a0does\u00a0not\u00a0explicitly\u00a0use\u00a0the\u00a0public key distribution and certificate management\u00a0directly from\u00a0the\u00a0available identity information. The\u00a0proposed\u00a0system\u00a0is\u00a0based\u00a0on a trusted\u00a0PKG,\u00a0which\u00a0is\u00a0supposed\u00a0to\u00a0make\u00a0use of\u00a0a master secret\u00a0for\u00a0generating\u00a0private keys corresponding to each identity.\u00a0This\u00a0simplification of key management comes with\u00a0some\u00a0interesting security implications: the PKG must be\u00a0fully\u00a0trusted\u00a0since\u00a0it can generate private keys for any identity,\u00a0hence\u00a0the &#8220;key escrow&#8221; property.\u00a0Contemporary\u00a0IBE\u00a0schemes\u00a0have\u00a0been extended to include\u00a0additional features\u00a0such\u00a0as\u00a0temporal validity periods and hierarchical key generation\u00a0in order\u00a0to\u00a0provide\u00a0added\u00a0security and scalability.\u00a0It\u00a0has found practical applications in secure email systems, enterprise document protection, and\u00a0authentication of\u00a0IoT\u00a0devices\u00a0where\u00a0the\u00a0traditional\u00a0deployment of\u00a0PKI\u00a0would be impractical.<\/li>\n\n\n\n<li><strong>Attribute-based Encryption<\/strong>: Attribute-based Encryption (ABE) extends\u00a0the\u00a0traditional public-key cryptography by\u00a0embedding\u00a0a\u00a0rich access control\u00a0policy\u00a0directly into the encryption mechanism.\u00a0Rather\u00a0than\u00a0encrypting data for\u00a0individual\u00a0recipients, ABE\u00a0enables\u00a0encryption\u00a0based\u00a0on\u00a0complex policies\u00a0articulated\u00a0in terms of attributes such as role, department, clearance level, or geographic location. The system supports two main variants: Key-Policy ABE (KP-ABE),\u00a0where\u00a0the\u00a0private\u00a0keys\u00a0are associated with\u00a0the\u00a0access\u00a0policies\u00a0and ciphertexts are labeled with attributes, and Ciphertext-Policy ABE (CP-ABE),\u00a0where the\u00a0access\u00a0policy\u00a0is\u00a0carried by\u00a0the\u00a0ciphertext\u00a0itself\u00a0and keys are associated with attributes. This flexibility\u00a0will\u00a0enable\u00a0sophisticated access control scenarios without requiring separate key management infrastructure.\u00a0Dynamic group membership, hierarchical access structures, and revocation mechanisms\u00a0are naturally supported by this technology. Performance improvements in recent years have made ABE practical for real-world applications\u00a0where fine-grained access control is crucial, including\u00a0in secure cloud storage, healthcare information systems, and military communications.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Public Key Cryptography\u00a0today\u00a0forms\u00a0the\u00a0enabling\u00a0basis for\u00a0security\u00a0in\u00a0digital\u00a0communications, authentication, and privacy.\u00a0Threats\u00a0keep\u00a0emerging,\u00a0be\u00a0they\u00a0through\u00a0quantum computing\u00a0or\u00a0ever-changing\u00a0threat landscapes.\u00a0Ongoing\u00a0innovation\u00a0of\u00a0cryptographic algorithms and protocols\u00a0will\u00a0remain critical.\u00a0Security\u00a0professionals\u00a0and\u00a0developers\u00a0must\u00a0be\u00a0able\u00a0to\u00a0grasp\u00a0the\u00a0underlying\u00a0bases that build a foundation for\u00a0the next generation of secure systems.<br><br>A\u00a0constantly changing\u00a0field,\u00a0new\u00a0algorithms\u00a0are\u00a0being\u00a0discovered, applications\u00a0developed, and\u00a0theories\u00a0broken.\u00a0The\u00a0development\u00a0of\u00a0these\u00a0can\u00a0include\u00a0following best practices in\u00a0both\u00a0implementation and key management,\u00a0and\u00a0keeping\u00a0up\u00a0with\u00a0the\u00a0latest developments.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":24,"featured_media":12309,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[14],"tags":[],"class_list":["post-12055","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web3"],"_links":{"self":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts\/12055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/comments?post=12055"}],"version-history":[{"count":8,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts\/12055\/revisions"}],"predecessor-version":[{"id":12310,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/posts\/12055\/revisions\/12310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/media\/12309"}],"wp:attachment":[{"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/media?parent=12055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/categories?post=12055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/metaschool.so\/articles\/wp-json\/wp\/v2\/tags?post=12055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}